-
Shu-yu Guo authored
The unregister_token slot is iterated as a custom weak pointer slot, which means the heap verifier treats it as a strong slot. Currently, popped WeakCells (that is, WeakCells for which the owning FinalizationRegistry's finalizer has already been invoked) neither clears out the unregister_token slot nor marks it, which trips the heap verifier. Bug: chromium:1102161 Change-Id: I0a803f12379fc9df6935bc8331b3d5ecb199571a Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2284202 Commit-Queue: Ulan Degenbaev <ulan@chromium.org> Reviewed-by:
Ulan Degenbaev <ulan@chromium.org> Auto-Submit: Shu-yu Guo <syg@chromium.org> Cr-Commit-Position: refs/heads/master@{#68723}
93c0be4b
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| benchmarks | ||
| cctest | ||
| common | ||
| debugger | ||
| debugging | ||
| fuzzer | ||
| fuzzilli | ||
| inspector | ||
| intl | ||
| js-perf-test | ||
| memory | ||
| message | ||
| mjsunit | ||
| mkgrokdump | ||
| mozilla | ||
| test262 | ||
| torque | ||
| unittests | ||
| wasm-api-tests | ||
| wasm-js | ||
| wasm-spec-tests | ||
| webkit | ||
| BUILD.gn | ||
| OWNERS |